Irmen de Jong wrote: > Pickle and marshal are not safe. They can do harmful > things if fed maliciously constructed data. > That is a pity, because marshal is fast.
I think marshal could be fixed; the only unsafety I'm aware of is that it doesn't always act rationally when confronted with incorrect input like bad type codes or truncated input. It only receives instances of the built-in types and it never executes user code as a result of unmarshalling. Perhaps someone would be interested in submitting a patch to the unmarshalling code? Since this is a security fix we'd even accept a fix for 2.3. > I need a fast and safe (secure) marshaler. > Is xdrlib the only option? > I would expect that it is fast and safe because > it (the xdr spec) has been around for so long. I don't expect that to be particularly fast, since it mostly operates at Python speed. I think it could be safe but I would still do a thorough code review if I were you -- the code is older than my awareness of the vulnerabilities inherent in this kind of remote data transfer. --Guido -- http://mail.python.org/mailman/listinfo/python-list
